Cynthia Sturton, associate professor at the University of North Carolina at Chapel Hill, has received two grants from the National Science Foundation (NSF) in support of projects to strengthen hardware security verification. The first project, titled "Hardware Security Insights: Analyzing Hardware Designs to Understand and Assess Security Weaknesses and Vulnerabilities," will develop more effective methods for understanding how information flows in computer hardware designs, with the goal of enhancing the security of that information.

According to researchers at the cybersecurity company Checkmarx, Telegram, AWS, and Alibaba Cloud users are the target of a new malware campaign that hides malicious code within specific software functions to make it more difficult to detect. In September, Checkmarx discovered the campaign, which has been attributed to a threat actor dubbed "kohlersbtuh15." The malicious actor used the Python programming software repository Python Package Index (PyPI), launching attacks involving typosquatting and starjacking techniques.

New research explores the application of deep learning to analyze spectrogram images of the human eye and its movements as a biometric tool. For recognition and security applications, a group of researchers has created a novel method of personal identification based on eye movements. Since it focuses on the involuntary nature of certain eye movements, the biometric technique has proven resistant to fraudulent attempts. The team reached an accuracy of about 73 percent for eye angle spectrogram identification, and 65 percent for eye coordinate spectrogram identification testing.

Amnesty International has reported on a series of Predator spyware attacks against EU, US, and Asia civil society, journalists, politicians, and academics. The human rights group noted that the severity of these attacks warrants a global ban on spyware. Amnesty International's secretary general, Agnes Callamard, said that Intellexa alliance, the European-based developers of Predator and other surveillance products, have not limited who can use this spyware and for what purpose.

California Governor Gavin Newsom recently signed into law the first bill in the US compelling data brokers to delete all personal data of state residents upon request.  Dubbed the “Delete Act” (SB 362), this legislation will equip residents with a single “delete button” accessible via the California Privacy Protection Agency (CPPA) website, affecting roughly 113 registered data brokers in the state and imposing penalties on non-compliant brokers by 2026.  Data brokers collect a vast amount of personal information, which is why they are prime targets for cybercriminals.

Security researchers at Patchstack have discovered a new vulnerability in the User Submitted Posts WordPress plugin (versions 20230902 and below).  With over 20,000 active installations, this popular plugin is used for user-generated content submissions and is developed by Plugin Planet.  The researchers noted that the vulnerability has been assigned CVE-2023-45603.  According to the researchers, this plugin suffers from an unauthenticated arbitrary file upload vulnerability.

Through the exploitation of Internet-accessible and vulnerable Operational Technology (OT) assets, cyber actors have demonstrated their continued determination to conduct malicious cyber activity against critical infrastructure. Therefore, the National Security Agency (NSA) has released a repository for OT Intrusion Detection Signatures and Analytics on the NSA Cyber GitHub to counter this threat.

Many ransomware incidents are perpetrated by threat actors exploiting known Common Vulnerabilities and Exposures (CVEs). However, many organizations may not know that a vulnerability used by ransomware threat actors is on their network. As required by the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) of 2022, the Cybersecurity and Infrastructure Security Agency (CISA) established the Ransomware Vulnerability Warning Pilot (RVWP) in January 2023 to help organizations overcome this blind spot. CISA has announced the addition of new resources to the RVWP.

Shadow PC, a provider of high-end cloud computing services, is alerting its customers of a data breach that exposed private information for over 500,000 customers. A threat actor claims to be selling the stolen data. Shadow PC is a cloud gaming service that provides users with high-end Windows PCs streamed to their local devices, enabling them to play demanding games on a virtual computer. As a result of a successful social engineering attack on its employees, the company has begun sending data breach notifications.

In what researchers believe is a significant transition, the Everest ransomware group is intensifying its efforts to purchase access to corporate networks from employees. Everest noted on its dark web victim blog that those who help in its initial intrusion will receive a "good percentage" of the profits from successful attacks. In addition, the group pledged to provide collaborators with "full transparency" regarding each operation's nature and confidentiality regarding their role in the attack.